Message-ID: <2025050209-CVE-2023-53060-7b1c@gregkh>
Date: Fri, 2 May 2025 17:55:25 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-53060: igb: revert rtnl_lock() that causes deadlock
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:

igb: revert rtnl_lock() that causes deadlock

The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") adds
rtnl_lock to eliminate a false data race shown below

(FREE from device detaching)     | (USE from netdev core)
igb_remove                       | igb_ndo_get_vf_config
igb_disable_sriov                | vf >= adapter->vfs_allocated_count?
kfree(adapter->vf_data)          |
adapter->vfs_allocated_count = 0 |
                                 | memcpy(... adapter->vf_data[vf]

The above race will never happen and the extra rtnl_lock causes deadlock
below

[ 141.420169] <TASK>
[ 141.420672] __schedule+0x2dd/0x840
[ 141.421427] schedule+0x50/0xc0
[ 141.422041] schedule_preempt_disabled+0x11/0x20
[ 141.422678] __mutex_lock.isra.13+0x431/0x6b0
[ 141.423324] unregister_netdev+0xe/0x20
[ 141.423578] igbvf_remove+0x45/0xe0 [igbvf]
[ 141.423791] pci_device_remove+0x36/0xb0
[ 141.423990] device_release_driver_internal+0xc1/0x160
[ 141.424270] pci_stop_bus_device+0x6d/0x90
[ 141.424507] pci_stop_and_remove_bus_device+0xe/0x20
[ 141.424789] pci_iov_remove_virtfn+0xba/0x120
[ 141.425452] sriov_disable+0x2f/0xf0
[ 141.425679] igb_disable_sriov+0x4e/0x100 [igb]
[ 141.426353] igb_remove+0xa0/0x130 [igb]
[ 141.426599] pci_device_remove+0x36/0xb0
[ 141.426796] device_release_driver_internal+0xc1/0x160
[ 141.427060] driver_detach+0x44/0x90
[ 141.427253] bus_remove_driver+0x55/0xe0
[ 141.427477] pci_unregister_driver+0x2a/0xa0
[ 141.428296] __x64_sys_delete_module+0x141/0x2b0
[ 141.429126] ? mntput_no_expire+0x4a/0x240
[ 141.429363] ? syscall_trace_enter.isra.19+0x126/0x1a0
[ 141.429653] do_syscall_64+0x5b/0x80
[ 141.429847] ? exit_to_user_mode_prepare+0x14d/0x1c0
[ 141.430109] ? syscall_exit_to_user_mode+0x12/0x30
[ 141.430849] ? do_syscall_64+0x67/0x80
[ 141.431083] ? syscall_exit_to_user_mode_prepare+0x183/0x1b0
[ 141.431770] ? syscall_exit_to_user_mode+0x12/0x30
[ 141.432482] ? do_syscall_64+0x67/0x80
[ 141.432714] ? exc_page_fault+0x64/0x140
[ 141.432911] entry_SYSCALL_64_after_hwframe+0x72/0xdc

Since the igb_disable_sriov() will call pci_disable_sriov() before
releasing any resources, the netdev core will synchronize the cleanup to
avoid any races. This patch removes the useless rtnl_(un)lock to guarantee
correctness.

The Linux kernel CVE team has assigned CVE-2023-53060 to this issue.

Affected and fixed versions
===========================
Issue introduced in 4.14.291 with commit 5773a1e6e5ba9f62c4573c57878d154fda269bc2 and fixed in 4.14.312 with commit 0dabb72b923e17cb3b4ac99ea1adc9ef35116930
Issue introduced in 4.19.256 with commit 2e8a30c1d994d91099fa8762f504b2ac9dce2cf7 and fixed in 4.19.280 with commit 7d845e9a485f287181ff81567c3900a8e7ad1e28
Issue introduced in 5.4.211 with commit 55197ba6d64d48f1948e6e1f52482e0e3e38e1bf and fixed in 5.4.240 with commit cd1e320ac0958298c2774605ad050483f33a21f2
Issue introduced in 5.10.138 with commit 0f516dcd1456b18b56a7de0c1f67b8a4aa54c2ef and fixed in 5.10.177 with commit 4d2626e10709ff8474ffd1a9db3cf4647569e89c
Issue introduced in 5.15.63 with commit 8ee44abe4cae06713db33e0a3b1e87bfb95b13ef and fixed in 5.15.105 with commit 66e5577cabc3d463eea540332727929d0ace41c6
Issue introduced in 6.0 with commit 6faee3d4ee8be0f0367d0c3d826afb3571b7a5e0 and fixed in 6.1.22 with commit 62a64645749926f9d75af82a96440941f22b046f
Issue introduced in 6.0 with commit 6faee3d4ee8be0f0367d0c3d826afb3571b7a5e0 and fixed in 6.2.9 with commit de91528d8ba274c614a2265077d695c61e31fd43
Issue introduced in 6.0 with commit 6faee3d4ee8be0f0367d0c3d826afb3571b7a5e0 and fixed in 6.3 with commit 65f69851e44d71248b952a687e44759a7abb5016
Issue introduced in 5.19.4 with commit 64c0c233a88591bb23569ae12eed7f74e5bd39ce
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-53060
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/net/ethernet/intel/igb/igb_main.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/0dabb72b923e17cb3b4ac99ea1adc9ef35116930
https://git.kernel.org/stable/c/7d845e9a485f287181ff81567c3900a8e7ad1e28
https://git.kernel.org/stable/c/cd1e320ac0958298c2774605ad050483f33a21f2
https://git.kernel.org/stable/c/4d2626e10709ff8474ffd1a9db3cf4647569e89c
https://git.kernel.org/stable/c/66e5577cabc3d463eea540332727929d0ace41c6
https://git.kernel.org/stable/c/62a64645749926f9d75af82a96440941f22b046f
https://git.kernel.org/stable/c/de91528d8ba274c614a2265077d695c61e31fd43
https://git.kernel.org/stable/c/65f69851e44d71248b952a687e44759a7abb5016
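
Added example (not part of the original announcement and not kernel-project tooling): a small checker that parses the "Affected and fixed versions" lines above and reports whether a given upstream kernel version falls inside one of the listed ranges. The names ADVISORY, parse and is_affected are introduced here for illustration, and the rule that an x.y.z entry applies only to its own stable series while an x.y entry applies to all later releases is this example's reading of those lines.

```python
import platform
import re

# Lines copied from the "Affected and fixed versions" section above.
ADVISORY = """\
Issue introduced in 4.14.291 with commit 5773a1e6e5ba9f62c4573c57878d154fda269bc2 and fixed in 4.14.312 with commit 0dabb72b923e17cb3b4ac99ea1adc9ef35116930
Issue introduced in 4.19.256 with commit 2e8a30c1d994d91099fa8762f504b2ac9dce2cf7 and fixed in 4.19.280 with commit 7d845e9a485f287181ff81567c3900a8e7ad1e28
Issue introduced in 5.4.211 with commit 55197ba6d64d48f1948e6e1f52482e0e3e38e1bf and fixed in 5.4.240 with commit cd1e320ac0958298c2774605ad050483f33a21f2
Issue introduced in 5.10.138 with commit 0f516dcd1456b18b56a7de0c1f67b8a4aa54c2ef and fixed in 5.10.177 with commit 4d2626e10709ff8474ffd1a9db3cf4647569e89c
Issue introduced in 5.15.63 with commit 8ee44abe4cae06713db33e0a3b1e87bfb95b13ef and fixed in 5.15.105 with commit 66e5577cabc3d463eea540332727929d0ace41c6
Issue introduced in 6.0 with commit 6faee3d4ee8be0f0367d0c3d826afb3571b7a5e0 and fixed in 6.1.22 with commit 62a64645749926f9d75af82a96440941f22b046f
Issue introduced in 6.0 with commit 6faee3d4ee8be0f0367d0c3d826afb3571b7a5e0 and fixed in 6.2.9 with commit de91528d8ba274c614a2265077d695c61e31fd43
Issue introduced in 6.0 with commit 6faee3d4ee8be0f0367d0c3d826afb3571b7a5e0 and fixed in 6.3 with commit 65f69851e44d71248b952a687e44759a7abb5016
Issue introduced in 5.19.4 with commit 64c0c233a88591bb23569ae12eed7f74e5bd39ce
"""

ENTRY_RE = re.compile(r"Issue introduced in (\S+) with commit [0-9a-f]+"
                      r"(?: and fixed in (\S+) with commit [0-9a-f]+)?")

def parse(text):
    """'5.15.0-91-generic' -> ((5, 15, 0), False); '6.3' -> ((6, 3, 0), True)."""
    m = re.match(r"\d+\.\d+(?:\.\d+)?", text)
    if not m:
        raise ValueError(f"not a kernel version: {text!r}")
    nums = [int(n) for n in m.group().split(".")]
    mainline = len(nums) == 2          # x.y with no patch level: mainline release
    return tuple(nums + [0] * (3 - len(nums))), mainline

def is_affected(release, advisory=ADVISORY):
    """True if an upstream kernel version falls in a range the advisory lists."""
    v, _ = parse(release)

    def reaches(point, mainline):
        # A stable-series point (x.y.z) only speaks for its own x.y series;
        # a mainline point (x.y) is inherited by every later release.
        return point <= v and (mainline or point[:2] == v[:2])

    intros, fixes = [], []
    for intro, fix in ENTRY_RE.findall(advisory):
        intros.append(parse(intro))
        if fix:
            fixes.append(parse(fix))
    return (any(reaches(p, m) for p, m in intros)
            and not any(reaches(p, m) for p, m in fixes))

if __name__ == "__main__":
    rel = platform.release()
    print(rel, "affected" if is_affected(rel) else "not in an affected range")
```

The comparison is only meaningful for kernel.org version numbers; a distribution kernel may carry the fix as a backport under an older version string, and the issue is only reachable where the igb driver is in use.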